Former Member
Oct 11, 2016 at 12:54 AM

HCP Problem with secondary Identity Provider and ?saml2idp= URL parameter

1441 Views Last edit Oct 11, 2016 at 01:15 AM 4 rev


I have a problem with the ?saml2idp= URL parameter in my application deployed in HCP. I have two Identity Providers set up in the HCP configuration. User authentication against the default IdP works fine.

Unfortunately, when I add the '?' parameter to a URL of my application to use the secondary IdP, the user is redirected to authenticate, then he is redirected back to HCP and gets an HTTP 401 Unauthorized error.

The same error message is returned for all applications deployed in the HCP account when using ?saml2idp= parameter. Both of the Identity Providers are configured the same way.

Does anyone use multiple Identity Providers in HCP? Do you know where the problem is and how to fix it? In the application logs I can see problems with the SAML signature (below), but the SAML2 response contains proper user data.

Thank you for any help,


Problems with SAML signature in the app logs:

  • 2016 10 06 validation of SAML2Assertion Signature not valid!
  • 2016 10 06 to process SAML Signature validation of SAML2Assertion failed. at